The Looker application requires outbound (public internet) network access for authorization, email relay, github, and license checks.
Looker also needs several other ports that can be internal to your network. Looker needs ports to communicate with your databases. You’ll need additional ports if you have migrated your internal configuration to a MySQL database or if you have clustered Looker (so the cluster nodes can communicate with each other.)
Looker provides a secure mechanism for Looker support staff to login to customer instances.
If you wish to allow this, your Looker instance will need to make an outbound HTTPS connection to auth.looker.com on port 443.
Looker instances backup their application configuration once per day to Amazon S3 via HTTPS on port 443.
Looker sends email for:
- Scheduled Looks to end users.
- Application errors to Looker.
By default, Looker uses Sendgrid as a mail relay. The hostname is smtp.sendgrid.net on port 587. You can also configure Looker to use your own email infrastructure by going to Admin → SMTP.
Looker sends application exception reports to errorssentry.looker.com on port 9000.
Looker sends some usage information to ping.looker.com on port 443. This data informs product decisions and helps Looker understand feature adoption. It does not include any of your database information or metadata.
Looker stores models in GitHub by default. It makes outbound connections to github.com on port 22 (ssh).
Looker connects via HTTPS to license.looker.com on port 443:
- At least once per day, at a random time.
- When Looker starts running.
- When a user clicks the Update button next to the license key on the Admin panel.
After you have ensured Looker can access necessary services you’re ready to enable secure database access.